Fix Container Registry Purge workflow (#1835)

.github/workflows/container-registry-purge.yml

@@ -2,8 +2,8 @@
 name: Container Registry Purge
 
 on:
-  #schedule:
-  #  - cron: '0 0 * * SUN'
+  schedule:
+    - cron: '0 0 * * SUN'
   workflow_dispatch:
     inputs: {}
 
@@ -12,26 +12,45 @@ jobs:
     name: Purge old images
     runs-on: ubuntu-20.04
     strategy:
+      fail-fast: false
       matrix:
         include:
           - name: bitwardenqa
           - name: bitwardenprod
     steps:
       - name: Login to Azure
+        if: matrix.name == 'bitwardenprod'
         uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
         with:
           creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
 
+      - name: Login to Azure
+        if: matrix.name == 'bitwardenqa'
+        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
+        with:
+          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
+
       - name: Purge images
         env:
           REGISTRY: ${{ matrix.name }}
+          AGO_DUR_VER: "180d"
           AGO_DUR: "30d"
         run: |
           REPO_LIST=$(az acr repository list -n $REGISTRY -o tsv)
           for REPO in $REPO_LIST
           do
-            PURGE_CMD="acr purge --filter '$REPO:.*' --ago $AGO_DUR --untagged --dry-run"
-            az acr run --cmd "$PURGE_CMD" --registry $REGISTRY /dev/null
+            TAG_LIST=$(az acr repository show-tags -n $REGISTRY --repository $REPO -o tsv)
+            for TAG in $TAG_LIST
+            do
+              if [ $TAG = "latest" ]; then
+                PURGE_CMD="acr purge --filter '$REPO:$TAG' --ago $AGO_DUR_VER --untagged --keep 1"
+              elif [[ $TAG =~ [0-9]+\.[0-9]+\.[0-9]+ ]]; then
+                PURGE_CMD="acr purge --filter '$REPO:$TAG' --ago $AGO_DUR_VER --untagged"
+              else
+                PURGE_CMD="acr purge --filter '$REPO:$TAG' --ago $AGO_DUR --untagged"
+              fi
+              az acr run --cmd "$PURGE_CMD" --registry $REGISTRY /dev/null
+            done
           done